Lucene search
K
Notepad-plus-plusNotepad++

10 matches found

CVE
CVE
added 2026/04/30 8:31 p.m.371 views

CVE-2026-6539

Notepad++ 8.9.3 is affected by a vulnerability described as a format string injection in the Find Results panel handler, triggered by a malicious nativeLang.xml language pack. The issue can be introduced by poisoned language packs distributed via community channels and triggers format string inte...

4.6CVSS5.2AI score0.00191EPSS
CVE
CVE
added 2026/04/10 7:40 a.m.160 views

CVE-2026-5525

CVE-2026-5525 affects Notepad++ up to version 8.9.3. The issue is a stack-based buffer overflow in the file drop handler (WM_DROPFILES) when dropping a directory path of exactly 259 characters without a trailing backslash. The handler appends a backslash and a null terminator without proper bound...

7.8CVSS6.2AI score0.00166EPSS
CVE
CVE
added 2026/06/26 8:21 p.m.146 views

CVE-2026-48778

Notepad++ prior to 8.9.6.1 is affected by an RCE in config.xml: the value is read without validation and passed to ShellExecute when triggering File → Open Containing Folder → cmd, enabling attacker-controlled executable paths. The issue stems from NppXml::value() storing the value in _nppGUI._c...

7.8CVSS5.8AI score0.01314EPSS
CVE
CVE
added 2026/06/26 8:22 p.m.96 views

CVE-2026-48770

Notepad++ prior to version 8.9.6.1 is affected by multiple issues arising from insecure handling of inter-process communication data. Specifically, a local attacker can trigger a denial of service (CVE-2026-48770) by sending a malformed WM_COPYDATA message where COPYDATA_FULL_CMDLINE is processed...

5CVSS5.8AI score0.00258EPSS
CVE
CVE
added 2026/06/26 8:12 p.m.83 views

CVE-2026-48800

Notepad++ prior to 8.9.6.1 is affected by CVE-2026-48800 where the content inside in shortcuts.xml is read without validation and used to build a Run menu item that ShellExecute() executes. The attacker-controlled string becomes the executable path when the user clicks the Run menu entry, enabl...

7.8CVSS5.8AI score0.0036EPSS
CVE
CVE
added 2026/02/03 12:50 a.m.65 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9 using the WinGUp updater are affected by an update integrity verification vulnerability: downloaded update metadata and installers are not cryptographically verified. An attacker who can intercept or redirect update traffic can cause the updater to download and e...

7.7CVSS6.4AI score0.01268EPSS
In wild
CVE
CVE
added 2026/02/18 11:7 p.m.57 views

CVE-2026-25926

CVE-2026-25926 (Notepad++) is an Unsafe Search Path vulnerability (CWE-426) affecting Notepad++ versions prior to 8.9.2. The issue arises when launching explorer.exe without an absolute path, allowing an attacker who controls the process working directory to execute a malicious explorer.exe, pote...

7.3CVSS6.7AI score0.00248EPSS
CVE
CVE
added 2026/06/26 8:11 p.m.51 views

CVE-2026-52884

Notepad++ CVE-2026-52884 affects Notepad++ up to version 8.9.6.1 where isInTrustedDirectory() does not canonicalize paths before checking. The code uses a prefix-based trust check (PathIsPrefix or equivalent), allowing a path traversal like ....\ after a trusted directory prefix to resolve to an ...

7.8CVSS5.8AI score0.00155EPSS
CVE
CVE
added 2026/06/26 8:19 p.m.43 views

CVE-2026-52885

Notepad++ Notepad++ v8.9.6.4 fixes a TOCTOU vulnerability (CVE-2026-52885) where the on-disk HMAC of shortcuts.xml is checked at trigger time while the command payload is loaded into memory at startup and never synchronized. An attacker with write access to shortcuts.xml can plant a malicious fil...

7.5CVSS6AI score0.00129EPSS
CVE
CVE
added 2026/06/26 8:16 p.m.10 views

CVE-2026-46710

Notepad++ is affected by a local privilege escalation vulnerability in the installer (CVE-2026-46710) detected in versions 8.9.4–8.9.6. During installation, the installer launches powershell.exe without an absolute path after setting the working directory to the installation contextMenu directory...

7.8CVSS5.8AI score0.00108EPSS